
Re: Preparing Debian for using capabilities: file ownership.



Previously Nicolás Lichtmaier wrote:
>  It seems that in order to take full advantage of capabilities, files should
> not be owned by root. Files should be owned by a non-login user (e.g. bin).

I don't believe that is true at all. Can you explain why you think that
would be advantageous?

>  That's because root will be just another user, with its set of
> capabilities, and you may like to prevent him from altering system files.

Crap, you just moved that problem to another account and gained nothing.

>  As this is a major change, we'd better start now. This will also help
> people who want to implement a capabilities setup before we do...

We can't implement capabilities now anyway, since we don't have a kernel
with a filesystem that supports them.

Wichert.

-- 
   ________________________________________________________________
 / Generally uninteresting signature - ignore at your convenience  \
| wichert@liacs.nl                    http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |


